CloudFormation cfn-signal failures troubleshooting One very important question exam you may get is the wait condition did not receive the required number of signals from an Amazon e two instance and you need to be able to troubleshoot this. So number one, it’s maybe because the AMI you’re using has the confirmation helper scripts installed so not installed, so you need to make sure that it has them. Obviously if it doesn’t have the help of scripts, you go online in the documentation and you figure out how to download…

CloudFormation Intrinsic Functions So the exam may ask you about interesting functions and we’ve seen them, but here is a list of the ones you should absolutely know for the exam. The ref function, the get attribute find and map, import value, join sub and the condition functions. So let’s go ahead and have a quick memory refresher on what they are. The ref function is to be the most important. It used to be referencing parameters and in case you reference a parameter, it will return the value of…

CloudFormation Resources Let’s talk about resources. So resources, they’re your core of your confirmation templates and they’re mandatory. Your confirmation template cannot work without the resources block. And the resources as the name indicates, represent the different apex components. It’s just a synonym that will be created and configured and the resources are declared and they can reference each other. So you can link the resources together. For example, you can link a security group and an EC two instance AWS will figure out the creation updates and deletion of…

Creating hierarchies Now, in this video, I want to talk to you about hierarchies. So we’ve had an example of hierarchies in the past when we were looking at dates. For instance, we have a date hierarchy, and this hierarchy goes from the widest to the narrowest. So it starts off a year and then go quarter month and day. And that is a computer generated hierarchy, also known as an employee explicit hierarchy. Now, we have used hierarchies already. For instance, when we had a look at the maps,…

Application Issues To truly understand how to secure applications though, you need to understand exactly what you’re up against. You have to know at least some basic knowledge about a number of specific security issues and attacks. So let’s start with the Insecure Direct object references. Applications are frequently using the actual name or the actual key of an object when they generate web pages, and they don’t always verify that the user is authorized for that target object. That results in this insecure direct object reference flaw. So an…

Physical Security Options There are some physical security options that we want to keep in mind. ant tamper technology, for instance, is designed to prevent access to sensitive information and encryption keys on a device. Special processors, for example, will store and process private or sensitive information like private keys, electronic money, credit. And those chips are designed so that the information is not accessible through external means. It can only be then accessible by embedded software. And that embedded software should contain the appropriate security measures like requiring authentication…

Symmetric Algorithms So let’s go back and talk about some of these symmetric algorithms. Now, this can be a little bit mind boggling when you start trying to remember all of this, but you do need to be at least somewhat familiar with these algorithms and some of the characteristics. This is going to be just a studying point, really. The digital encryption standard Des, and it’s counterpart triple Des. Des uses a 64 bit key. Eight bits are used for parity, so the actual key length is 56 bit,…

Hashing Hashing is another cryptographic concept that is probably familiar to some. It involves running data through a cryptographic function to produce a one-way message digest, aka a hash value. The size of the message digest is going to be determined by the algorithm that’s used, but it represents the data. It’s also referred to as non reversible encryption because it’s a representation of the data, but it can’t be reversed. You can’t use it to determine the original data, but it is unique. It’s unique based on the bits…

Authorization Now, once a user is successfully identified, they have to be granted rights and permissions to resources, and that process is referred to as authorization. Identification and authentication have to proceed. Authorization, but they don’t imply authorization. So I’ve always said it like this. Just because you are who you say you are doesn’t mean that you can do whatever it is you’re trying to do. Right? And so you could like it to somebody produces an identity to get into a VIP party and they’re not on the…

Chapter Introduction In this chapter, we’re going to be looking at implementing advanced authentication and cryptographic techniques. In any organization, it’s important to correctly identify the individuals who are logging on to the network. Whether it’s local, interactive logons or remote access or wireless access. We need to be able to correctly identify those individuals so that we can then use that identity to secure their access. We want to make sure only authorized users are able to access our systems. And so we’re going to be talking about a…